package com.hmjk.health.background;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import android.content.Context;
import android.util.Log;

public class MyX509TrustManager implements X509TrustManager { 
	    X509TrustManager myX509TrustManager;  
	    String PASSWORD = "ubuntu";//"yynie test keystore @swbuild098
	    String SFA_PASSWORD = "spdephone";
	    
	    public MyX509TrustManager(Context context) throws Exception {  	    	
	        KeyStore ks = KeyStore.getInstance("BKS");  
	        
	        /*InputStream is = context.getAssets().open("swbuild098.bks");//"yynie test keystore @swbuild098
	        ks.load(is,  PASSWORD.toCharArray());
	        is.close();*/
	        
	        //InputStream is = context.getAssets().open("sfatest.bks");//test server keystore
	        InputStream is = context.getAssets().open("139.bks");
	        ks.load(is,  SFA_PASSWORD.toCharArray());
	        is.close();
	        
	        TrustManagerFactory factory = TrustManagerFactory.getInstance("X509");  
	        factory.init(ks);  
	        TrustManager manager[] = factory.getTrustManagers();  
	        for (int i = 0; i < manager.length; i++) {  
	            if (manager[i] instanceof X509TrustManager) {  
	            	myX509TrustManager = (X509TrustManager) manager[i];  
	                return;  
	            }  
	        }  
	    }  
	  
	    @Override  
	    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {  
	    	Log.d("MyX509","checkClientTrusted chain:" + chain + ";authType="+authType);
	    }  
	  
	    @Override  
	    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {  
	    	Log.d("MyX509","checkServerTrusted");
	    	
	    	if((chain == null) || (chain.length <= 0)){
	    		throw new CertificateException("certificate chain can not be null");
	    	}
	    		 
			if((null == authType) || (false == authType.toUpperCase().contains("RSA"))){		 
				throw new CertificateException("checkServerTrusted: AuthType is not RSA, authType="+authType);
			}	 
			
			// Hack ahead: BigInteger and toString(). We know a DER encoded Public Key begins
			// with 0×30 (ASN.1 SEQUENCE and CONSTRUCTED), so there is no leading 0×00 to drop.
			/*X509Certificate[] my = myX509TrustManager.getAcceptedIssuers();
			RSAPublicKey pubkey = (RSAPublicKey)my[0].getPublicKey();
			
			boolean v = false;
			try {
				chain[0].verify(pubkey);
				v = true;
			} catch (InvalidKeyException e) {
				// TODO Auto-generated catch block
				e.printStackTrace();
			} catch (NoSuchAlgorithmException e) {
				// TODO Auto-generated catch block
				e.printStackTrace();
			} catch (NoSuchProviderException e) {
				// TODO Auto-generated catch block
				e.printStackTrace();
			} catch (SignatureException e) {
				// TODO Auto-generated catch block
				e.printStackTrace();
			}
			
			if(!v){
				throw new CertificateException("checkServerTrusted:pub key verification failed");
			}*/
	    	//Log.d("MyX509","checkServerTrusted chain:" + chain[0] + ";authType="+authType);
	    	
	    	myX509TrustManager.checkServerTrusted(chain, authType);
	    }  
	  
	   
	    @Override  
	    public X509Certificate[] getAcceptedIssuers() {   
	    	Log.d("MyX509","getAcceptedIssuers");
	        return null;  
	    }  
}
